CVE-2023-41721
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Instances of UniFi Network Application that (i) are run on a UniFi Gateway Console, and (ii) are versions 7.5.176. and earlier, implement device adoption with improper access control logic, creating a risk of access to device configuration information by a malicious actor with preexisting access to the network.
Affected Products:
UDM
UDM-PRO
UDM-SE
UDR
UDW
Mitigation:
Update UniFi Network to Version 7.5.187 or later.
Instancias de la aplicación UniFi Network que
(i) se ejecutan en una consola UniFi Gateway y
(ii) son versiones 7.5.176. y antes,
implementan la adopción de dispositivos con una lógica de control de acceso inadecuada, creando un riesgo de acceso a la información de configuración del dispositivo por parte de un actor malintencionado con acceso preexistente a la red. Productos afectados: UDM UDM-PRO UDM-SE UDR UDW Mitigación: actualice UniFi Network a la versión 7.5.187 o posterior.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2023-08-31 CVE Reserved
- 2023-10-25 CVE Published
- 2024-09-13 CVE Updated
- 2024-10-31 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-284: Improper Access Control
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Ui Search vendor "Ui" | Unifi Network Application Search vendor "Ui" for product "Unifi Network Application" | <= 7.5.176 Search vendor "Ui" for product "Unifi Network Application" and version " <= 7.5.176" | - |
Affected
| in | Ui Search vendor "Ui" | Unifi Dream Machine Search vendor "Ui" for product "Unifi Dream Machine" | - | - |
Safe
|
| Ui Search vendor "Ui" | Unifi Network Application Search vendor "Ui" for product "Unifi Network Application" | <= 7.5.176 Search vendor "Ui" for product "Unifi Network Application" and version " <= 7.5.176" | - |
Affected
| in | Ui Search vendor "Ui" | Unifi Dream Machine Pro Search vendor "Ui" for product "Unifi Dream Machine Pro" | - | - |
Safe
|
| Ui Search vendor "Ui" | Unifi Network Application Search vendor "Ui" for product "Unifi Network Application" | <= 7.5.176 Search vendor "Ui" for product "Unifi Network Application" and version " <= 7.5.176" | - |
Affected
| in | Ui Search vendor "Ui" | Unifi Dream Machine Special Edition Search vendor "Ui" for product "Unifi Dream Machine Special Edition" | - | - |
Safe
|
| Ui Search vendor "Ui" | Unifi Network Application Search vendor "Ui" for product "Unifi Network Application" | <= 7.5.176 Search vendor "Ui" for product "Unifi Network Application" and version " <= 7.5.176" | - |
Affected
| in | Ui Search vendor "Ui" | Unifi Dream Router Search vendor "Ui" for product "Unifi Dream Router" | - | - |
Safe
|
| Ui Search vendor "Ui" | Unifi Network Application Search vendor "Ui" for product "Unifi Network Application" | <= 7.5.176 Search vendor "Ui" for product "Unifi Network Application" and version " <= 7.5.176" | - |
Affected
| in | Ui Search vendor "Ui" | Unifi Dream Wall Search vendor "Ui" for product "Unifi Dream Wall" | - | - |
Safe
|